package JAVA_SV_EMAIL_HOST;
import org.apache.commons.mail.DefaultAuthenticator;
import org.apache.commons.mail.Email;
import org.apache.commons.mail.EmailException;
import org.apache.commons.mail.SimpleEmail;

import java.io.IOException;

public class Vulnerable_02 {
    public class SimpleEmailHost {

        public void sendEmail() throws IOException, EmailException {
            String username = "username@gmail.com", password = "password";
            Email email = new SimpleEmail();
            email.setSmtpPort(465);
            email.setAuthenticator(new DefaultAuthenticator(username, password));
            email.setSSLOnConnect(true); // Noncompliant;
            email.setStartTLSEnabled(true);// Noncompliant;
            email.setStartTLSRequired(true);// Noncompliant; setSSLCheckServerIdentity(true) should also be called before sending the email
            email.send();
        }
    }
}
